The chances of a hacker remotely breaking into the National Security Agency’s systems are very unlikely, according to an anonymous insider who spoke to Motherboard.
Advertisement
– Edward Snowden (@Snowden) August 16, 20165) Knowing this, NSA’s hackers (TAO) are told not to leave their hack tools (“binaries”) on the server after an op. The second, encrypted, file is being auctioned off to the highest bidder. Since then, experts who have seen some of the stolen files believe that the NSA has indeed been hacked, with Russian Federation being one of the prime suspects.
Ironically, the server in question was actually cycled in 2013 after Snowden fled to Hong Kong en route to Moscow, thus cutting off the undetected Russian hackers who were inside and preventing even more secrets from spilling, Snowden claimed.
Szoldra believes that publicly releasing valuable NSA malware makes little sense. Our rivals do the same thing to us – and occasionally succeed. They say the tools are likely for use by the NSA to penetrate the network firewalls that many corporations or government agencies use to protect their servers from external attacks.
A successful hack of the NSA – if that’s what happened – would mark a major defeat for one of the crown jewels of the USA government’s defense establishment.
On Monday, the security world was rocked by a sensational claim: A mysterious new group calling itself “Shadow Brokers” claimed it had hacked into an elite NSA-linked hacking group and was auctioning off cyberweapons.
The set of files available for free contains a series of tools for penetrating network gear made by Cisco, Juniper, and other major firms. The information they sell that can be used is only valuable when the hacked party isn’t aware they are vulnerable.
For instance, a few of the exploits target Cisco products – which are widely used and thought to be secure and stable – and can allow a bad actor to bypass a firewall, Martin said.
Risk Based Security is still looking at how severe these exploits might be, and if they’ve previously been patched.
The sample files that have been released were dated most recently to 2013. The unspoken understanding is that the Equation Group is part of the NSA.
The NSA has not commented.
“Equation Group’s ELIGIBLECANDIDATE exploits an RCE [remote code execution] vulnerability in HTTP cookies in a TOPSEC firewall CGI script”, tweeted Mustafa Al-Bassam, a British researcher who was once a member of the Lulzsec hacking crew.
However, a potentially more alarming issue is what else might have been stolen.
The Shadow Brokers said they would release this additional information subject to raising 1 million Bitcoins – digital currency, in this case worth about $575 million – through an online auction.
Whoever obtained the code would have had to break into NSA servers that store the files, the Times said. According to The New York Times, most computer security experts, who studied the statement from Shadow Brokers, concluded that their statements could be true to fact.
Among them, he included the timing of the auction, which comes about three years after experts believe the information was stolen.
In fact, some say that exposing the agency’s stockpile of custom-made malware is an effort to deter the United States government from retaliating against Russian Federation over the recent Democratic National Committee hack, which USA officials and many technical experts have blamed on Kremlin operatives.
The tools in the Shadow Broker dump appear to be several years old.
Advertisement
Weaver said bitcoin “is so traceable that a Doctor Evil scheme of laundering $1 million, let alone $500 million, is frankly lunacy”.
